Visible Ops Security
ITPI
Authors: Paul Love, Gene Kim, George Spafford
(Co-Author - ISBN: 0975568620)
Visible Ops Security builds upon the methodology presented in the original Visible Ops Handbook. It guides information security professionals in strengthening relationships with IT operations and development groups to advance IT objectives and business goals. It addresses the people side of IT, empowering security to work with operations teams to achieve closely aligned objectives and with development and release teams to integrate security requirements into preproduction work. The Visible Ops Security methodology helps IT organizations move beyond a focus on technology to address the core operational aspects of security. It complements publications that focus on securing the network, access, and data, including COBIT (Control Objectives for Information and related Technology), ISO 27001:2005 (International Standards Organization), and ITIL® (IT Infrastructure Library) manuals. It promotes effective teamwork, which helps security professionals ensure that security is built into key development and production processes. This effort positions the IT organization to meet business needs by delivering highly available, cost-effective, and secure services.

Global Technology Audit Guide 15 - Information Security Governance
The Internal Institute of Auditors
(Co-Author - IIA Download)
Information is a significant component of most organizations’ competitive strategy either by the direct collection, management, and interpretation of business information or the retention of information for day-to-day business processing. Some of the more obvious results of IS failures include reputational damage, placing the organization at a competitive disadvantage, and contractual noncompliance.
These impacts should not be underestimated.
This Global Technology Audit Guide (GTAG) will provide a thought process to assist the chief audit executive (CAE) in incorporating an audit of information security governance (ISG) into the audit plan, focusing on whether the organization’s ISG activity delivers the correct behaviors, practices, and execution of IS.

GTAG 15: Information Security Governance will assist efforts to:
1. Define ISG.
2. Help internal auditors understand the right questions to ask and know what documentation is required.
3. Describe the internal audit activity’s (IAA) role in ISG.

IT Audit Checklist: Privacy and Data Protection
IT Governance Institute
(Co-Author - T2P Download)
This paper supports an internal audit of the organization's regulatory, legal, contractual and reputation protection requirements for maintaining the confidentiality and integrity of sensitive information related to itself, employees, customers, business partners, and other entities.

The paper includes advice on assessing the robustness of privacy controls; guidance on how management and auditors support privacy policies and procedures; and information on ensuring continual improvement of privacy practices.

Beginning Unix
Wrox
(Co-Author - ISBN: 0764579940)
* Covering all aspects of the Unix operating system and assuming no prior knowledge of Unix, this book begins with the fundamentals and works from the ground up to some of the more advanced programming techniques
* The authors provide a wealth of real-world experience with the Unix operating system, delivering actual examples while showing some of the common misconceptions and errors that new users make
* Special emphasis is placed on the Apple Mac OS X environment as well as Linux, Solaris, and migrating from Windows to Unix
* A unique conversion section of the book details specific advice and instructions for transitioning Mac OS X, Windows, and Linux users

Hacking Knoppix
Wiley
(Contributing Author - ISBN: 0764597841)
* Knoppix is an innovative Linux distribution that does not require installation, making it ideal to use for a rescue system, demonstration purposes, or many other applications
* Shows hack-hungry fans how to fully customize Knoppix and Knoppix-based distributions
* Readers will learn to create two different Knoppix-based live CDs, one for children and one for Windows recovery
* Teaches readers to use Knoppix to work from a strange computer, rescue a Windows computer that won't boot, repair and recover data from other machines, and more

Hardening Linux
McGraw-Hill
(Co-Author - ISBN: 0072254971)
Take a proactive approach to Enterprise Linux security by implementing preventive measures against attacks--before they occur. Written by a team of Linux security experts, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Features include examples using Red Hat Enterprise Linux AS 3.0, and Novell’s SUSE Linux versions SLES8 and SLES9. Get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan.

Features a four-part hardening methodology:

* Do This Now!--Important steps to lock down your system from further attack
* Take It From The Top--Systematic approach to hardening your enterprise from the top down, focusing on network access, software accessibility, data access, storage, and communications
* Once Is Never Enough!--Ongoing monitoring and assessment plan to keep your network secure, including patch management, auditing, and log file scanning
* How to Succeed at Hardening Your Linux Systems--Strategies for getting budget approval, management buy-in, and employee cooperation for your security program.

Hardening Network Security
McGraw-Hill
(Co-Author - ISBN: 0072257032)
Take a proactive approach to network security by implementing preventive measures against attacks--before they occur. Written by a team of security experts, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan.

Features a four-part hardening methodology:

* Do This Now!--Checklist of immediate steps to take to lock down your system from further attack
* Take It From The Top--Systematic approach to hardening your enterprise from the top down
* Once Is Never Enough!--Ongoing monitoring and assessment plan to keep your network secure, including patch management and auditing
* How to Succeed--Strategies for getting budget approval, management buy-in, and employee cooperation for your security program.

Linux Bible, 2005 Edition
Wiley
(Contributing Author - ISBN: 0764579495)
* Detailed installation instructions and step-by-step descriptions of key desktop and server components help new users get up and running immediately
* Descriptions of the various distributions from people in the Linux community help users zero in on the best Linux for their needs
* The perfect migration guide for Windows and Macintosh desktop users who want to switch to Linux, as well as for systems administrators who want to set up secure, fully functioning server systems
* Covers Linux embedded systems, firewalls, and routers plus desktops and servers
* Includes Fedora Core 3, Debian Linux, SUSE Linux, Knoppix, Gentoo Linux, Slackware Linux, Mandrake Linux, Damn Small Linux, and a Linux firewall and router on DVD.

Enterprise Information Security and Privacy
Artech House Publishers
(Contributing Author - ISBN: 1596931906)
Here's a unique and practical book that addresses the rapidly growing problem of information security, privacy, and secrecy threats and vulnerabilities. This authoritative resource helps professionals understand what really needs to be done to protect sensitive data and systems and how to comply with the burgeoning roster of data protection laws and regulations. The book examines the effectiveness and weaknesses of current approaches and guides you towards practical methods and doable processes that can bring about real improvement in the overall security environment. Readers gain insight into the latest security and privacy trends, learn how to determine and mitigate risks, and discover the specific dangers and responses regarding the most critical sectors of a modern economy.

Technical Editing
Technical editor for the following books:
Korn Shell Programming by Example, Unix Primer Plus, Special Edition Using KDE, Red Hat Linux Systems Administration Unleashed, Oracle DBA on Unix and Linux, and multiple Linux Unleashed books (SuSE, Red Hat, Mandrake, Debian).
Published by Sams/Macmillan Publishing between 1999 and 2001.